Description
The Blue Coat Malware Analysis appliance is a sandboxed appliance that scans for threats in files and downloads on the network.
A cross-site scripting vulnerability exists in search.php of the appliance. This vulnerability has been assigned CVE-2015-0937.

An information disclosure vulnerability exists in search.php of the appliance. By use of a specialized URL parameter, this vulnerability allows a user to search for and obtain a list of documents meeting certain keywords, even if those documents are private. This vulnerability has been assigned CVE-2015-0938.

These vulnerabilities have been observed in version 4.2.3.20150129-RELEASE; other releases may also be affected. For more information, please see Blue Coat’s security advisory SA94..

The CVSS score below is based on CVE-2015-0937.

Impact
The cross-site scripting vulnerability may allow compromise of user credentials. The information disclosure vulnerability may allow private file data to be obtained by unauthorized users.

Solution
Update software

Blue Coat has addressed these vulnerabilities in version 4.2.4.20150312-RELEASE. Affected users are suggested to upgrade as soon as possible.

CATEGORIES

Cyber Parse was created to provide knowledge to help everyone understand and deal with the ever increasing threats we all face by Cyber Crime (Malware, Social Engineering, Phishing and hacking).
Our purpose is to provide the right information to our readers by breaking down and communicating knowledge relating to Cyber Crime, Cyber Security, Information Security and Computer Security, then using Risk Management practices to help translate the technical aspects of the Risks, Threats, Vulnerabilities and controls to reduce the risk into business language.